Skip to content

Add create release branch workflow #12

Add create release branch workflow

Add create release branch workflow #12

name: Create release branch
on:
workflow_dispatch:
inputs:
major_minor_version:
description: 'Major.Minor release version'
required: true
base_commit:
description: 'Base commit SHA'
required: true
pull_request:
# Workflow should only ever be run from main, so exclude
# running on pull requests to release branch resources.
branches: ['main']
paths:
# Run workflow on changes to the workflow definition and its
# dependencies to spot check the workflow functionality.
- '.github/workflows/create-release-branch.yml'
- 'scripts/create-release-branch.sh'
- 'scripts/build-third-party-licenses.sh'
- 'scripts/update-getting-started-guide-.sh'
env:
MAJOR_MINOR_VERSION: ''
BASE_COMMIT: ''
jobs:
test-create-branch:
if: github.event_name == 'pull_request'
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
- name: Mock workflow inputs on pull request
run: |
echo "MAJOR_MINOR_VERSION=0.${{ github.event.pull_request.number }}" >> $GITHUB_ENV
echo "BASE_COMMIT=${{ github.sha }}" >> $GITHUB_ENV
- name: Test create release branch
run: bash scripts/create-release-branch.sh --assert --base ${{ env.BASE_COMMIT }} --dry-run ${{ env.MAJOR_MINOR_VERSION }}
- uses: actions/setup-go@v5
- name: Install go-licenses
run: go install github.com/google/[email protected]
- name: Generate third party licenses file
run: bash scripts/build-third-party-licenses.sh
- name: Test update getting started version in release branch
run: bash scripts/update-getting-started-guide-version.sh --assert ${{ env.MAJOR_MINOR_VERSION }}.0
- name: Test rollback create releae branch
run: bash scripts/create-release-branch.sh --assert --dry-run --rollback ${{ env.MAJOR_MINOR_VERSION }}
create-branch:
if: github.event_name == 'workflow_dispatch'
runs-on: ubuntu-20.04
permissions:
# Write permissions needed to create release branch.
# Risk for pwn requests is mitigated by seperating jobs such that
# workflows running with write permissions only use code from main.
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: main
sparse-checkout: |
scripts/create-release-branch.sh
- name: Set environment variables for workflow
run: |
echo "MAJOR_MINOR_VERSION=${{ github.event.inputs.major_minor_version }}" >> $GITHUB_ENV
echo "BASE_COMMIT=${{ github.event.inputs.base_commit }}" >> $GITHUB_ENV
- name: Create release branch
run: bash scripts/create-release-branch.sh --base ${{ env.BASE_COMMIT }} ${{ env.MAJOR_MINOR_VERSION }}
initial-pr:
needs: create-branch
if: github.event_name == 'workflow_dispatch' && needs.create-branch.result == 'success'
runs-on: ubuntu-20.04
permissions:
# Write permissions needed to create pull request.
# Risk for pwn requests is mitigated by seperating jobs such that
# workflows running with write permissions only use code from the
# branch which was cut from main.
contents: write
pull-requests: write
steps:
- uses: actions/checkout@v4
with:
ref: release/${{ env.MAJOR_MINOR_VERSION }}
- uses: actions/setup-go@v5
- name: Install go-licenses
run: go install github.com/google/[email protected]
- name: Generate third party licenses file
run: bash scripts/build-third-party-licenses.sh
- name: Update getting started version in release branch
run: bash scripts/update-getting-started-guide-version.sh --verbose "${{ env.MAJOR_MINOR_VERSION }}.0"
- name: Create PR
uses: peter-evans/create-pull-request@v6
with:
title: 'Prepare release ${{ env.MAJOR_MINOR_VERSION }}'
commit-message: |
Prepare release ${{ env.MAJOR_MINOR_VERSION }}
This change adds the THIRD_PARTY_LICENSES file and updates the getting started guide for release/${{ env.MAJOR_MINOR_VERSION }}.
body: |
This change adds the THIRD_PARTY_LICENSES file and updates the getting started guide for release/${{ env.MAJOR_MINOR_VERSION }}.
Auto-generated by [create-pull-request](https://github.com/peter-evans/create-pull-request)
labels: easy-to-review, automated-pr
token: ${{ secrets.GITHUB_TOKEN }}
author: "GitHub <[email protected]>"
signoff: true
branch: 'create-pull-request/prepare-release-${{ env.MAJOR_MINOR_VERSION }}'
base: 'release/${{ env.MAJOR_MINOR_VERSION }}'
delete-branch: true
auto-rollback:
needs: initial-pr
# If the workflow was unable to create the pull request with the THIRD_PARTY_LICENSES file
# and getting started guide version updates, then the release branch should be rolled back.
if: github.event_name == 'workflow_dispatch' && needs.initial-pr.result == 'failure'
runs-on: ubuntu-20.04
permissions:
# Write permissions needed to rollback release branch.
# Risk for pwn requests is mitigated by seperating jobs such that
# workflows running with write permissions only use code from main.
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: main
sparse-checkout: |
scripts/create-release-branch.sh
- name: Delete release branch
run: bash scripts/create-release-branch.sh --rollback ${{ env.MAJOR_MINOR_VERSION }}